Merge branch 'rav/more_group_chat/1'

This commit is contained in:
Richard van der Hoff 2016-05-25 15:46:50 +01:00
commit 27b57c8d88
24 changed files with 2296 additions and 120 deletions

View file

@ -31,8 +31,21 @@ enum OlmErrorCode {
OLM_BAD_ACCOUNT_KEY = 8, /*!< The supplied account key is invalid */
OLM_UNKNOWN_PICKLE_VERSION = 9, /*!< The pickled object is too new */
OLM_CORRUPTED_PICKLE = 10, /*!< The pickled object couldn't be decoded */
OLM_BAD_SESSION_KEY = 11, /*!< Attempt to initialise an inbound group
session from an invalid session key */
OLM_UNKNOWN_MESSAGE_INDEX = 12, /*!< Attempt to decode a message whose
* index is earlier than our earliest
* known session key.
*/
/* remember to update the list of string constants in error.c when updating
* this list. */
};
/** get a string representation of the given error code. */
const char * _olm_error_to_string(enum OlmErrorCode error);
#ifdef __cplusplus
} // extern "C"
#endif

View file

@ -0,0 +1,153 @@
/* Copyright 2016 OpenMarket Ltd
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef OLM_INBOUND_GROUP_SESSION_H_
#define OLM_INBOUND_GROUP_SESSION_H_
#include <stddef.h>
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
typedef struct OlmInboundGroupSession OlmInboundGroupSession;
/** get the size of an inbound group session, in bytes. */
size_t olm_inbound_group_session_size();
/**
* Initialise an inbound group session object using the supplied memory
* The supplied memory should be at least olm_inbound_group_session_size()
* bytes.
*/
OlmInboundGroupSession * olm_inbound_group_session(
void *memory
);
/**
* A null terminated string describing the most recent error to happen to a
* group session */
const char *olm_inbound_group_session_last_error(
const OlmInboundGroupSession *session
);
/** Clears the memory used to back this group session */
size_t olm_clear_inbound_group_session(
OlmInboundGroupSession *session
);
/** Returns the number of bytes needed to store an inbound group session */
size_t olm_pickle_inbound_group_session_length(
const OlmInboundGroupSession *session
);
/**
* Stores a group session as a base64 string. Encrypts the session using the
* supplied key. Returns the length of the session on success.
*
* Returns olm_error() on failure. If the pickle output buffer
* is smaller than olm_pickle_inbound_group_session_length() then
* olm_inbound_group_session_last_error() will be "OUTPUT_BUFFER_TOO_SMALL"
*/
size_t olm_pickle_inbound_group_session(
OlmInboundGroupSession *session,
void const * key, size_t key_length,
void * pickled, size_t pickled_length
);
/**
* Loads a group session from a pickled base64 string. Decrypts the session
* using the supplied key.
*
* Returns olm_error() on failure. If the key doesn't match the one used to
* encrypt the account then olm_inbound_group_session_last_error() will be
* "BAD_ACCOUNT_KEY". If the base64 couldn't be decoded then
* olm_inbound_group_session_last_error() will be "INVALID_BASE64". The input
* pickled buffer is destroyed
*/
size_t olm_unpickle_inbound_group_session(
OlmInboundGroupSession *session,
void const * key, size_t key_length,
void * pickled, size_t pickled_length
);
/**
* Start a new inbound group session, based on the parameters supplied.
*
* Returns olm_error() on failure. On failure last_error will be set with an
* error code. The last_error will be:
*
* * OLM_INVALID_BASE64 if the session_key is not valid base64
* * OLM_BAD_SESSION_KEY if the session_key is invalid
*/
size_t olm_init_inbound_group_session(
OlmInboundGroupSession *session,
uint32_t message_index,
/* base64-encoded key */
uint8_t const * session_key, size_t session_key_length
);
/**
* Get an upper bound on the number of bytes of plain-text the decrypt method
* will write for a given input message length. The actual size could be
* different due to padding.
*
* The input message buffer is destroyed.
*
* Returns olm_error() on failure.
*/
size_t olm_group_decrypt_max_plaintext_length(
OlmInboundGroupSession *session,
uint8_t * message, size_t message_length
);
/**
* Decrypt a message.
*
* The input message buffer is destroyed.
*
* Returns the length of the decrypted plain-text, or olm_error() on failure.
*
* On failure last_error will be set with an error code. The last_error will
* be:
* * OLM_OUTPUT_BUFFER_TOO_SMALL if the plain-text buffer is too small
* * OLM_INVALID_BASE64 if the message is not valid base-64
* * OLM_BAD_MESSAGE_VERSION if the message was encrypted with an unsupported
* version of the protocol
* * OLM_BAD_MESSAGE_FORMAT if the message headers could not be decoded
* * OLM_BAD_MESSAGE_MAC if the message could not be verified
* * OLM_UNKNOWN_MESSAGE_INDEX if we do not have a session key corresponding to the
* message's index (ie, it was sent before the session key was shared with
* us)
*/
size_t olm_group_decrypt(
OlmInboundGroupSession *session,
/* input; note that it will be overwritten with the base64-decoded
message. */
uint8_t * message, size_t message_length,
/* output */
uint8_t * plaintext, size_t max_plaintext_length
);
#ifdef __cplusplus
} // extern "C"
#endif
#endif /* OLM_INBOUND_GROUP_SESSION_H_ */

95
include/olm/megolm.h Normal file
View file

@ -0,0 +1,95 @@
/* Copyright 2016 OpenMarket Ltd
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef OLM_MEGOLM_H_
#define OLM_MEGOLM_H_
/**
* implementation of the Megolm multi-part ratchet used in group chats.
*/
#include <stdint.h>
#include <stdlib.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* number of bytes in each part of the ratchet; this should be the same as
* the length of the hash function used in the HMAC (32 bytes for us, as we
* use HMAC-SHA-256)
*/
#define MEGOLM_RATCHET_PART_LENGTH 32 /* SHA256_OUTPUT_LENGTH */
/**
* number of parts in the ratchet; the advance() implementations rely on
* this being 4.
*/
#define MEGOLM_RATCHET_PARTS 4
#define MEGOLM_RATCHET_LENGTH (MEGOLM_RATCHET_PARTS * MEGOLM_RATCHET_PART_LENGTH)
typedef struct Megolm {
uint8_t data[MEGOLM_RATCHET_PARTS][MEGOLM_RATCHET_PART_LENGTH];
uint32_t counter;
} Megolm;
/**
* The cipher used in megolm-backed conversations
*
* (AES256 + SHA256, with keys based on an HKDF with info of MEGOLM_KEYS)
*/
extern const struct _olm_cipher *megolm_cipher;
/**
* initialize the megolm ratchet. random_data should be at least
* MEGOLM_RATCHET_LENGTH bytes of randomness.
*/
void megolm_init(Megolm *megolm, uint8_t const *random_data, uint32_t counter);
/** Returns the number of bytes needed to store a megolm */
size_t megolm_pickle_length(const Megolm *megolm);
/**
* Pickle the megolm. Returns a pointer to the next free space in the buffer.
*/
uint8_t * megolm_pickle(const Megolm *megolm, uint8_t *pos);
/**
* Unpickle the megolm. Returns a pointer to the next item in the buffer.
*/
const uint8_t * megolm_unpickle(Megolm *megolm, const uint8_t *pos,
const uint8_t *end);
/** advance the ratchet by one step */
void megolm_advance(Megolm *megolm);
/**
* get the key data in the ratchet. The returned data is
* MEGOLM_RATCHET_LENGTH bytes long.
*/
#define megolm_get_data(megolm) ((const uint8_t *)((megolm)->data))
/** advance the ratchet to a given count */
void megolm_advance_to(Megolm *megolm, uint32_t advance_to);
#ifdef __cplusplus
} // extern "C"
#endif
#endif /* OLM_MEGOLM_H_ */

98
include/olm/message.h Normal file
View file

@ -0,0 +1,98 @@
/* Copyright 2016 OpenMarket Ltd
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* functions for encoding and decoding messages in the Olm protocol.
*
* Some of these functions have only C++ bindings, and are declared in
* message.hh; in time, they should probably be converted to plain C and
* declared here.
*/
#ifndef OLM_MESSAGE_H_
#define OLM_MESSAGE_H_
#include <stdint.h>
#include <stddef.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* The length of the buffer needed to hold a group message.
*/
size_t _olm_encode_group_message_length(
size_t group_session_id_length,
uint32_t chain_index,
size_t ciphertext_length,
size_t mac_length
);
/**
* Writes the message headers into the output buffer.
*
* version: version number of the olm protocol
* session_id: group session identifier
* session_id_length: length of session_id
* message_index: message index
* ciphertext_length: length of the ciphertext
* output: where to write the output. Should be at least
* olm_encode_group_message_length() bytes long.
* ciphertext_ptr: returns the address that the ciphertext
* should be written to, followed by the MAC.
*
* Returns the size of the message, up to the MAC.
*/
size_t _olm_encode_group_message(
uint8_t version,
const uint8_t *session_id,
size_t session_id_length,
uint32_t message_index,
size_t ciphertext_length,
uint8_t *output,
uint8_t **ciphertext_ptr
);
struct _OlmDecodeGroupMessageResults {
uint8_t version;
const uint8_t *session_id;
size_t session_id_length;
uint32_t message_index;
int has_message_index;
const uint8_t *ciphertext;
size_t ciphertext_length;
};
/**
* Reads the message headers from the input buffer.
*/
void _olm_decode_group_message(
const uint8_t *input, size_t input_length,
size_t mac_length,
/* output structure: updated with results */
struct _OlmDecodeGroupMessageResults *results
);
#ifdef __cplusplus
} // extern "C"
#endif
#endif /* OLM_MESSAGE_H_ */

View file

@ -12,6 +12,18 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* functions for encoding and decoding messages in the Olm protocol.
*
* Some of these functions have plain-C bindings, and are declared in
* message.h; in time, all of the functions declared here should probably be
* converted to plain C and moved to message.h.
*/
#include "message.h"
#include <cstddef>
#include <cstdint>

View file

@ -19,6 +19,9 @@
#include <stddef.h>
#include <stdint.h>
#include "olm/inbound_group_session.h"
#include "olm/outbound_group_session.h"
#ifdef __cplusplus
extern "C" {
#endif

View file

@ -0,0 +1,181 @@
/* Copyright 2016 OpenMarket Ltd
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef OLM_OUTBOUND_GROUP_SESSION_H_
#define OLM_OUTBOUND_GROUP_SESSION_H_
#include <stddef.h>
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
typedef struct OlmOutboundGroupSession OlmOutboundGroupSession;
/** get the size of an outbound group session, in bytes. */
size_t olm_outbound_group_session_size();
/**
* Initialise an outbound group session object using the supplied memory
* The supplied memory should be at least olm_outbound_group_session_size()
* bytes.
*/
OlmOutboundGroupSession * olm_outbound_group_session(
void *memory
);
/**
* A null terminated string describing the most recent error to happen to a
* group session */
const char *olm_outbound_group_session_last_error(
const OlmOutboundGroupSession *session
);
/** Clears the memory used to back this group session */
size_t olm_clear_outbound_group_session(
OlmOutboundGroupSession *session
);
/** Returns the number of bytes needed to store an outbound group session */
size_t olm_pickle_outbound_group_session_length(
const OlmOutboundGroupSession *session
);
/**
* Stores a group session as a base64 string. Encrypts the session using the
* supplied key. Returns the length of the session on success.
*
* Returns olm_error() on failure. If the pickle output buffer
* is smaller than olm_pickle_outbound_group_session_length() then
* olm_outbound_group_session_last_error() will be "OUTPUT_BUFFER_TOO_SMALL"
*/
size_t olm_pickle_outbound_group_session(
OlmOutboundGroupSession *session,
void const * key, size_t key_length,
void * pickled, size_t pickled_length
);
/**
* Loads a group session from a pickled base64 string. Decrypts the session
* using the supplied key.
*
* Returns olm_error() on failure. If the key doesn't match the one used to
* encrypt the account then olm_outbound_group_session_last_error() will be
* "BAD_ACCOUNT_KEY". If the base64 couldn't be decoded then
* olm_outbound_group_session_last_error() will be "INVALID_BASE64". The input
* pickled buffer is destroyed
*/
size_t olm_unpickle_outbound_group_session(
OlmOutboundGroupSession *session,
void const * key, size_t key_length,
void * pickled, size_t pickled_length
);
/** The number of random bytes needed to create an outbound group session */
size_t olm_init_outbound_group_session_random_length(
const OlmOutboundGroupSession *session
);
/**
* Start a new outbound group session. Returns olm_error() on failure. On
* failure last_error will be set with an error code. The last_error will be
* NOT_ENOUGH_RANDOM if the number of random bytes was too small.
*/
size_t olm_init_outbound_group_session(
OlmOutboundGroupSession *session,
uint8_t const * random, size_t random_length
);
/**
* The number of bytes that will be created by encrypting a message
*/
size_t olm_group_encrypt_message_length(
OlmOutboundGroupSession *session,
size_t plaintext_length
);
/**
* Encrypt some plain-text. Returns the length of the encrypted message or
* olm_error() on failure. On failure last_error will be set with an
* error code. The last_error will be OUTPUT_BUFFER_TOO_SMALL if the output
* buffer is too small.
*/
size_t olm_group_encrypt(
OlmOutboundGroupSession *session,
uint8_t const * plaintext, size_t plaintext_length,
uint8_t * message, size_t message_length
);
/**
* Get the number of bytes returned by olm_outbound_group_session_id()
*/
size_t olm_outbound_group_session_id_length(
const OlmOutboundGroupSession *session
);
/**
* Get a base64-encoded identifier for this session.
*
* Returns the length of the session id on success or olm_error() on
* failure. On failure last_error will be set with an error code. The
* last_error will be OUTPUT_BUFFER_TOO_SMALL if the id buffer was too
* small.
*/
size_t olm_outbound_group_session_id(
OlmOutboundGroupSession *session,
uint8_t * id, size_t id_length
);
/**
* Get the current message index for this session.
*
* Each message is sent with an increasing index; this returns the index for
* the next message.
*/
uint32_t olm_outbound_group_session_message_index(
OlmOutboundGroupSession *session
);
/**
* Get the number of bytes returned by olm_outbound_group_session_key()
*/
size_t olm_outbound_group_session_key_length(
const OlmOutboundGroupSession *session
);
/**
* Get the base64-encoded current ratchet key for this session.
*
* Each message is sent with a diffent ratchet key. This function returns the
* ratchet key that will be used for the next message.
*
* Returns the length of the ratchet key on success or olm_error() on
* failure. On failure last_error will be set with an error code. The
* last_error will be OUTPUT_BUFFER_TOO_SMALL if the buffer was too small.
*/
size_t olm_outbound_group_session_key(
OlmOutboundGroupSession *session,
uint8_t * key, size_t key_length
);
#ifdef __cplusplus
} // extern "C"
#endif
#endif /* OLM_OUTBOUND_GROUP_SESSION_H_ */

View file

@ -0,0 +1,76 @@
/* Copyright 2016 OpenMarket Ltd
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/* functions for encrypting and decrypting pickled representations of objects */
#ifndef OLM_PICKLE_ENCODING_H_
#define OLM_PICKLE_ENCODING_H_
#include <stddef.h>
#include <stdint.h>
#include "olm/error.h"
#ifdef __cplusplus
extern "C" {
#endif
/**
* Get the number of bytes needed to encode a pickle of the length given
*/
size_t _olm_enc_output_length(size_t raw_length);
/**
* Get the point in the output buffer that the raw pickle should be written to.
*
* In order that we can use the same buffer for the raw pickle, and the encoded
* pickle, the raw pickle needs to be written at the end of the buffer. (The
* base-64 encoding would otherwise overwrite the end of the input before it
* was encoded.)
*/
uint8_t *_olm_enc_output_pos(uint8_t * output, size_t raw_length);
/**
* Encrypt and encode the given pickle in-situ.
*
* The raw pickle should have been written to enc_output_pos(pickle,
* raw_length).
*
* Returns the number of bytes in the encoded pickle.
*/
size_t _olm_enc_output(
uint8_t const * key, size_t key_length,
uint8_t *pickle, size_t raw_length
);
/**
* Decode and decrypt the given pickle in-situ.
*
* Returns the number of bytes in the decoded pickle, or olm_error() on error,
* in which case *last_error will be updated, if last_error is non-NULL.
*/
size_t _olm_enc_input(
uint8_t const * key, size_t key_length,
uint8_t * input, size_t b64_length,
enum OlmErrorCode * last_error
);
#ifdef __cplusplus
} // extern "C"
#endif
#endif /* OLM_PICKLE_ENCODING_H_ */

1
python/.gitignore vendored
View file

@ -1,3 +1,4 @@
*.pyc
/*.account
/*.session
/*.group_session

View file

@ -1,2 +1,4 @@
from .account import Account
from .session import Session
from .outbound_group_session import OutboundGroupSession
from .inbound_group_session import InboundGroupSession

View file

@ -10,8 +10,7 @@ import yaml
from . import *
if __name__ == '__main__':
def build_arg_parser():
parser = argparse.ArgumentParser()
parser.add_argument("--key", help="Account encryption key", default="")
commands = parser.add_subparsers()
@ -242,5 +241,107 @@ if __name__ == '__main__':
decrypt.set_defaults(func=do_decrypt)
outbound_group = commands.add_parser("outbound_group", help="Create an outbound group session")
outbound_group.add_argument("session_file", help="Local group session file")
outbound_group.set_defaults(func=do_outbound_group)
group_credentials = commands.add_parser("group_credentials", help="Export the current outbound group session credentials")
group_credentials.add_argument("session_file", help="Local outbound group session file")
group_credentials.add_argument("credentials_file", help="File to write credentials to (default stdout)",
type=argparse.FileType('w'), nargs='?',
default=sys.stdout)
group_credentials.set_defaults(func=do_group_credentials)
group_encrypt = commands.add_parser("group_encrypt", help="Encrypt a group message")
group_encrypt.add_argument("session_file", help="Local outbound group session file")
group_encrypt.add_argument("plaintext_file", help="Plaintext file (default stdin)",
type=argparse.FileType('rb'), nargs='?',
default=sys.stdin)
group_encrypt.add_argument("message_file", help="Message file (default stdout)",
type=argparse.FileType('w'), nargs='?',
default=sys.stdout)
group_encrypt.set_defaults(func=do_group_encrypt)
inbound_group = commands.add_parser(
"inbound_group",
help=("Create an inbound group session based on credentials from an "+
"outbound group session"))
inbound_group.add_argument("session_file", help="Local inbound group session file")
inbound_group.add_argument("credentials_file",
help="File to read credentials from (default stdin)",
type=argparse.FileType('r'), nargs='?',
default=sys.stdin)
inbound_group.set_defaults(func=do_inbound_group)
group_decrypt = commands.add_parser("group_decrypt", help="Decrypt a group message")
group_decrypt.add_argument("session_file", help="Local inbound group session file")
group_decrypt.add_argument("message_file", help="Message file (default stdin)",
type=argparse.FileType('r'), nargs='?',
default=sys.stdin)
group_decrypt.add_argument("plaintext_file", help="Plaintext file (default stdout)",
type=argparse.FileType('wb'), nargs='?',
default=sys.stdout)
group_decrypt.set_defaults(func=do_group_decrypt)
return parser
def do_outbound_group(args):
if os.path.exists(args.session_file):
sys.stderr.write("Session %r file already exists" % (
args.session_file,
))
sys.exit(1)
session = OutboundGroupSession()
with open(args.session_file, "wb") as f:
f.write(session.pickle(args.key))
def do_group_encrypt(args):
session = OutboundGroupSession()
with open(args.session_file, "rb") as f:
session.unpickle(args.key, f.read())
plaintext = args.plaintext_file.read()
message = session.encrypt(plaintext)
with open(args.session_file, "wb") as f:
f.write(session.pickle(args.key))
args.message_file.write(message)
def do_group_credentials(args):
session = OutboundGroupSession()
with open(args.session_file, "rb") as f:
session.unpickle(args.key, f.read())
result = {
'message_index': session.message_index(),
'session_key': session.session_key(),
}
json.dump(result, args.credentials_file, indent=4)
def do_inbound_group(args):
if os.path.exists(args.session_file):
sys.stderr.write("Session %r file already exists\n" % (
args.session_file,
))
sys.exit(1)
credentials = json.load(args.credentials_file)
for k in ('message_index', 'session_key'):
if not k in credentials:
sys.stderr.write("Credentials file is missing %s\n" % k)
sys.exit(1);
session = InboundGroupSession()
session.init(credentials['message_index'], credentials['session_key'])
with open(args.session_file, "wb") as f:
f.write(session.pickle(args.key))
def do_group_decrypt(args):
session = InboundGroupSession()
with open(args.session_file, "rb") as f:
session.unpickle(args.key, f.read())
message = args.message_file.read()
plaintext = session.decrypt(message)
with open(args.session_file, "wb") as f:
f.write(session.pickle(args.key))
args.plaintext_file.write(plaintext)
if __name__ == '__main__':
parser = build_arg_parser()
args = parser.parse_args()
args.func(args)

View file

@ -0,0 +1,86 @@
import json
from ._base import *
lib.olm_inbound_group_session_size.argtypes = []
lib.olm_inbound_group_session_size.restype = c_size_t
lib.olm_inbound_group_session.argtypes = [c_void_p]
lib.olm_inbound_group_session.restype = c_void_p
lib.olm_inbound_group_session_last_error.argtypes = [c_void_p]
lib.olm_inbound_group_session_last_error.restype = c_char_p
def inbound_group_session_errcheck(res, func, args):
if res == ERR:
raise OlmError("%s: %s" % (
func.__name__, lib.olm_inbound_group_session_last_error(args[0])
))
return res
def inbound_group_session_function(func, *types):
func.argtypes = (c_void_p,) + types
func.restypes = c_size_t
func.errcheck = inbound_group_session_errcheck
inbound_group_session_function(
lib.olm_pickle_inbound_group_session, c_void_p, c_size_t, c_void_p, c_size_t
)
inbound_group_session_function(
lib.olm_unpickle_inbound_group_session, c_void_p, c_size_t, c_void_p, c_size_t
)
inbound_group_session_function(
lib.olm_init_inbound_group_session, c_uint32, c_void_p, c_size_t
)
inbound_group_session_function(
lib.olm_group_decrypt_max_plaintext_length, c_void_p, c_size_t
)
inbound_group_session_function(
lib.olm_group_decrypt,
c_void_p, c_size_t, # message
c_void_p, c_size_t, # plaintext
)
class InboundGroupSession(object):
def __init__(self):
self.buf = create_string_buffer(lib.olm_inbound_group_session_size())
self.ptr = lib.olm_inbound_group_session(self.buf)
def pickle(self, key):
key_buffer = create_string_buffer(key)
pickle_length = lib.olm_pickle_inbound_group_session_length(self.ptr)
pickle_buffer = create_string_buffer(pickle_length)
lib.olm_pickle_inbound_group_session(
self.ptr, key_buffer, len(key), pickle_buffer, pickle_length
)
return pickle_buffer.raw
def unpickle(self, key, pickle):
key_buffer = create_string_buffer(key)
pickle_buffer = create_string_buffer(pickle)
lib.olm_unpickle_inbound_group_session(
self.ptr, key_buffer, len(key), pickle_buffer, len(pickle)
)
def init(self, message_index, session_key):
key_buffer = create_string_buffer(session_key)
lib.olm_init_inbound_group_session(
self.ptr, message_index, key_buffer, len(session_key)
)
def decrypt(self, message):
message_buffer = create_string_buffer(message)
max_plaintext_length = lib.olm_group_decrypt_max_plaintext_length(
self.ptr, message_buffer, len(message)
)
plaintext_buffer = create_string_buffer(max_plaintext_length)
message_buffer = create_string_buffer(message)
plaintext_length = lib.olm_group_decrypt(
self.ptr, message_buffer, len(message),
plaintext_buffer, max_plaintext_length
)
return plaintext_buffer.raw[:plaintext_length]

View file

@ -0,0 +1,107 @@
import json
from ._base import *
lib.olm_outbound_group_session_size.argtypes = []
lib.olm_outbound_group_session_size.restype = c_size_t
lib.olm_outbound_group_session.argtypes = [c_void_p]
lib.olm_outbound_group_session.restype = c_void_p
lib.olm_outbound_group_session_last_error.argtypes = [c_void_p]
lib.olm_outbound_group_session_last_error.restype = c_char_p
def outbound_group_session_errcheck(res, func, args):
if res == ERR:
raise OlmError("%s: %s" % (
func.__name__, lib.olm_outbound_group_session_last_error(args[0])
))
return res
def outbound_group_session_function(func, *types):
func.argtypes = (c_void_p,) + types
func.restypes = c_size_t
func.errcheck = outbound_group_session_errcheck
outbound_group_session_function(
lib.olm_pickle_outbound_group_session, c_void_p, c_size_t, c_void_p, c_size_t
)
outbound_group_session_function(
lib.olm_unpickle_outbound_group_session, c_void_p, c_size_t, c_void_p, c_size_t
)
outbound_group_session_function(lib.olm_init_outbound_group_session_random_length)
outbound_group_session_function(lib.olm_init_outbound_group_session, c_void_p, c_size_t)
lib.olm_outbound_group_session_message_index.argtypes = [c_void_p]
lib.olm_outbound_group_session_message_index.restype = c_uint32
outbound_group_session_function(lib.olm_group_encrypt_message_length, c_size_t)
outbound_group_session_function(lib.olm_group_encrypt,
c_void_p, c_size_t, # Plaintext
c_void_p, c_size_t, # Message
)
outbound_group_session_function(lib.olm_outbound_group_session_id_length)
outbound_group_session_function(lib.olm_outbound_group_session_id, c_void_p, c_size_t)
outbound_group_session_function(lib.olm_outbound_group_session_key_length)
outbound_group_session_function(lib.olm_outbound_group_session_key, c_void_p, c_size_t)
class OutboundGroupSession(object):
def __init__(self):
self.buf = create_string_buffer(lib.olm_outbound_group_session_size())
self.ptr = lib.olm_outbound_group_session(self.buf)
random_length = lib.olm_init_outbound_group_session_random_length(self.ptr)
random = read_random(random_length)
random_buffer = create_string_buffer(random)
lib.olm_init_outbound_group_session(self.ptr, random_buffer, random_length)
def pickle(self, key):
key_buffer = create_string_buffer(key)
pickle_length = lib.olm_pickle_outbound_group_session_length(self.ptr)
pickle_buffer = create_string_buffer(pickle_length)
lib.olm_pickle_outbound_group_session(
self.ptr, key_buffer, len(key), pickle_buffer, pickle_length
)
return pickle_buffer.raw
def unpickle(self, key, pickle):
key_buffer = create_string_buffer(key)
pickle_buffer = create_string_buffer(pickle)
lib.olm_unpickle_outbound_group_session(
self.ptr, key_buffer, len(key), pickle_buffer, len(pickle)
)
def encrypt(self, plaintext):
message_length = lib.olm_group_encrypt_message_length(
self.ptr, len(plaintext)
)
message_buffer = create_string_buffer(message_length)
plaintext_buffer = create_string_buffer(plaintext)
lib.olm_group_encrypt(
self.ptr,
plaintext_buffer, len(plaintext),
message_buffer, message_length,
)
return message_buffer.raw
def session_id(self):
id_length = lib.olm_outbound_group_session_id_length(self.ptr)
id_buffer = create_string_buffer(id_length)
lib.olm_outbound_group_session_id(self.ptr, id_buffer, id_length);
return id_buffer.raw
def message_index(self):
return lib.olm_outbound_group_session_message_index(self.ptr)
def session_key(self):
key_length = lib.olm_outbound_group_session_key_length(self.ptr)
key_buffer = create_string_buffer(key_length)
lib.olm_outbound_group_session_key(self.ptr, key_buffer, key_length);
return key_buffer.raw

View file

@ -6,11 +6,14 @@ OLM="python -m olm"
ALICE_ACCOUNT=alice.account
ALICE_SESSION=alice.session
ALICE_GROUP_SESSION=alice.group_session
BOB_ACCOUNT=bob.account
BOB_SESSION=bob.session
BOB_GROUP_SESSION=bob.group_session
rm $ALICE_ACCOUNT $BOB_ACCOUNT
rm $ALICE_SESSION $BOB_SESSION
rm $ALICE_GROUP_SESSION $BOB_GROUP_SESSION
$OLM create_account $ALICE_ACCOUNT
$OLM create_account $BOB_ACCOUNT
@ -22,3 +25,10 @@ BOB_ONE_TIME_KEY="$($OLM one_time_key $BOB_ACCOUNT)"
$OLM outbound $ALICE_ACCOUNT $ALICE_SESSION "$BOB_IDENTITY_KEY" "$BOB_ONE_TIME_KEY"
echo "Hello world" | $OLM encrypt $ALICE_SESSION - - | $OLM inbound $BOB_ACCOUNT $BOB_SESSION - -
### group sessions
$OLM outbound_group $ALICE_GROUP_SESSION
$OLM group_credentials $ALICE_GROUP_SESSION | $OLM inbound_group $BOB_GROUP_SESSION
echo "Hello group" | $OLM group_encrypt $ALICE_GROUP_SESSION - - | $OLM group_decrypt $BOB_GROUP_SESSION

41
src/error.c Normal file
View file

@ -0,0 +1,41 @@
/* Copyright 2016 OpenMarket Ltd
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "olm/error.h"
static const char * ERRORS[] = {
"SUCCESS",
"NOT_ENOUGH_RANDOM",
"OUTPUT_BUFFER_TOO_SMALL",
"BAD_MESSAGE_VERSION",
"BAD_MESSAGE_FORMAT",
"BAD_MESSAGE_MAC",
"BAD_MESSAGE_KEY_ID",
"INVALID_BASE64",
"BAD_ACCOUNT_KEY",
"UNKNOWN_PICKLE_VERSION",
"CORRUPTED_PICKLE",
"BAD_SESSION_KEY",
"UNKNOWN_MESSAGE_INDEX",
};
const char * _olm_error_to_string(enum OlmErrorCode error)
{
if (error < (sizeof(ERRORS)/sizeof(ERRORS[0]))) {
return ERRORS[error];
} else {
return "UNKNOWN_ERROR";
}
}

302
src/inbound_group_session.c Normal file
View file

@ -0,0 +1,302 @@
/* Copyright 2016 OpenMarket Ltd
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "olm/inbound_group_session.h"
#include <string.h>
#include "olm/base64.h"
#include "olm/cipher.h"
#include "olm/error.h"
#include "olm/megolm.h"
#include "olm/memory.h"
#include "olm/message.h"
#include "olm/pickle.h"
#include "olm/pickle_encoding.h"
#define OLM_PROTOCOL_VERSION 3
#define PICKLE_VERSION 1
struct OlmInboundGroupSession {
/** our earliest known ratchet value */
Megolm initial_ratchet;
/** The most recent ratchet value */
Megolm latest_ratchet;
enum OlmErrorCode last_error;
};
size_t olm_inbound_group_session_size() {
return sizeof(OlmInboundGroupSession);
}
OlmInboundGroupSession * olm_inbound_group_session(
void *memory
) {
OlmInboundGroupSession *session = memory;
olm_clear_inbound_group_session(session);
return session;
}
const char *olm_inbound_group_session_last_error(
const OlmInboundGroupSession *session
) {
return _olm_error_to_string(session->last_error);
}
size_t olm_clear_inbound_group_session(
OlmInboundGroupSession *session
) {
_olm_unset(session, sizeof(OlmInboundGroupSession));
return sizeof(OlmInboundGroupSession);
}
size_t olm_init_inbound_group_session(
OlmInboundGroupSession *session,
uint32_t message_index,
const uint8_t * session_key, size_t session_key_length
) {
uint8_t key_buf[MEGOLM_RATCHET_LENGTH];
size_t raw_length = _olm_decode_base64_length(session_key_length);
if (raw_length == (size_t)-1) {
session->last_error = OLM_INVALID_BASE64;
return (size_t)-1;
}
if (raw_length != MEGOLM_RATCHET_LENGTH) {
session->last_error = OLM_BAD_SESSION_KEY;
return (size_t)-1;
}
_olm_decode_base64(session_key, session_key_length, key_buf);
megolm_init(&session->initial_ratchet, key_buf, message_index);
megolm_init(&session->latest_ratchet, key_buf, message_index);
_olm_unset(key_buf, MEGOLM_RATCHET_LENGTH);
return 0;
}
static size_t raw_pickle_length(
const OlmInboundGroupSession *session
) {
size_t length = 0;
length += _olm_pickle_uint32_length(PICKLE_VERSION);
length += megolm_pickle_length(&session->initial_ratchet);
length += megolm_pickle_length(&session->latest_ratchet);
return length;
}
size_t olm_pickle_inbound_group_session_length(
const OlmInboundGroupSession *session
) {
return _olm_enc_output_length(raw_pickle_length(session));
}
size_t olm_pickle_inbound_group_session(
OlmInboundGroupSession *session,
void const * key, size_t key_length,
void * pickled, size_t pickled_length
) {
size_t raw_length = raw_pickle_length(session);
uint8_t *pos;
if (pickled_length < _olm_enc_output_length(raw_length)) {
session->last_error = OLM_OUTPUT_BUFFER_TOO_SMALL;
return (size_t)-1;
}
pos = _olm_enc_output_pos(pickled, raw_length);
pos = _olm_pickle_uint32(pos, PICKLE_VERSION);
pos = megolm_pickle(&session->initial_ratchet, pos);
pos = megolm_pickle(&session->latest_ratchet, pos);
return _olm_enc_output(key, key_length, pickled, raw_length);
}
size_t olm_unpickle_inbound_group_session(
OlmInboundGroupSession *session,
void const * key, size_t key_length,
void * pickled, size_t pickled_length
) {
const uint8_t *pos;
const uint8_t *end;
uint32_t pickle_version;
size_t raw_length = _olm_enc_input(
key, key_length, pickled, pickled_length, &(session->last_error)
);
if (raw_length == (size_t)-1) {
return raw_length;
}
pos = pickled;
end = pos + raw_length;
pos = _olm_unpickle_uint32(pos, end, &pickle_version);
if (pickle_version != PICKLE_VERSION) {
session->last_error = OLM_UNKNOWN_PICKLE_VERSION;
return (size_t)-1;
}
pos = megolm_unpickle(&session->initial_ratchet, pos, end);
pos = megolm_unpickle(&session->latest_ratchet, pos, end);
if (end != pos) {
/* We had the wrong number of bytes in the input. */
session->last_error = OLM_CORRUPTED_PICKLE;
return (size_t)-1;
}
return pickled_length;
}
/**
* get the max plaintext length in an un-base64-ed message
*/
static size_t _decrypt_max_plaintext_length(
OlmInboundGroupSession *session,
uint8_t * message, size_t message_length
) {
struct _OlmDecodeGroupMessageResults decoded_results;
_olm_decode_group_message(
message, message_length,
megolm_cipher->ops->mac_length(megolm_cipher),
&decoded_results);
if (decoded_results.version != OLM_PROTOCOL_VERSION) {
session->last_error = OLM_BAD_MESSAGE_VERSION;
return (size_t)-1;
}
if (!decoded_results.ciphertext) {
session->last_error = OLM_BAD_MESSAGE_FORMAT;
return (size_t)-1;
}
return megolm_cipher->ops->decrypt_max_plaintext_length(
megolm_cipher, decoded_results.ciphertext_length);
}
size_t olm_group_decrypt_max_plaintext_length(
OlmInboundGroupSession *session,
uint8_t * message, size_t message_length
) {
size_t raw_length;
raw_length = _olm_decode_base64(message, message_length, message);
if (raw_length == (size_t)-1) {
session->last_error = OLM_INVALID_BASE64;
return (size_t)-1;
}
return _decrypt_max_plaintext_length(
session, message, raw_length
);
}
/**
* decrypt an un-base64-ed message
*/
static size_t _decrypt(
OlmInboundGroupSession *session,
uint8_t * message, size_t message_length,
uint8_t * plaintext, size_t max_plaintext_length
) {
struct _OlmDecodeGroupMessageResults decoded_results;
size_t max_length, r;
Megolm *megolm;
Megolm tmp_megolm;
_olm_decode_group_message(
message, message_length,
megolm_cipher->ops->mac_length(megolm_cipher),
&decoded_results);
if (decoded_results.version != OLM_PROTOCOL_VERSION) {
session->last_error = OLM_BAD_MESSAGE_VERSION;
return (size_t)-1;
}
if (!decoded_results.has_message_index || !decoded_results.session_id
|| !decoded_results.ciphertext
) {
session->last_error = OLM_BAD_MESSAGE_FORMAT;
return (size_t)-1;
}
max_length = megolm_cipher->ops->decrypt_max_plaintext_length(
megolm_cipher,
decoded_results.ciphertext_length
);
if (max_plaintext_length < max_length) {
session->last_error = OLM_OUTPUT_BUFFER_TOO_SMALL;
return (size_t)-1;
}
/* pick a megolm instance to use. If we're at or beyond the latest ratchet
* value, use that */
if ((decoded_results.message_index - session->latest_ratchet.counter) < (1U << 31)) {
megolm = &session->latest_ratchet;
} else if ((decoded_results.message_index - session->initial_ratchet.counter) >= (1U << 31)) {
/* the counter is before our intial ratchet - we can't decode this. */
session->last_error = OLM_UNKNOWN_MESSAGE_INDEX;
return (size_t)-1;
} else {
/* otherwise, start from the initial megolm. Take a copy so that we
* don't overwrite the initial megolm */
tmp_megolm = session->initial_ratchet;
megolm = &tmp_megolm;
}
megolm_advance_to(megolm, decoded_results.message_index);
/* now try checking the mac, and decrypting */
r = megolm_cipher->ops->decrypt(
megolm_cipher,
megolm_get_data(megolm), MEGOLM_RATCHET_LENGTH,
message, message_length,
decoded_results.ciphertext, decoded_results.ciphertext_length,
plaintext, max_plaintext_length
);
_olm_unset(&tmp_megolm, sizeof(tmp_megolm));
if (r == (size_t)-1) {
session->last_error = OLM_BAD_MESSAGE_MAC;
return r;
}
return r;
}
size_t olm_group_decrypt(
OlmInboundGroupSession *session,
uint8_t * message, size_t message_length,
uint8_t * plaintext, size_t max_plaintext_length
) {
size_t raw_message_length;
raw_message_length = _olm_decode_base64(message, message_length, message);
if (raw_message_length == (size_t)-1) {
session->last_error = OLM_INVALID_BASE64;
return (size_t)-1;
}
return _decrypt(
session, message, raw_message_length,
plaintext, max_plaintext_length
);
}

150
src/megolm.c Normal file
View file

@ -0,0 +1,150 @@
/* Copyright 2016 OpenMarket Ltd
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "olm/megolm.h"
#include <string.h>
#include "olm/cipher.h"
#include "olm/crypto.h"
#include "olm/pickle.h"
static const struct _olm_cipher_aes_sha_256 MEGOLM_CIPHER =
OLM_CIPHER_INIT_AES_SHA_256("MEGOLM_KEYS");
const struct _olm_cipher *megolm_cipher = OLM_CIPHER_BASE(&MEGOLM_CIPHER);
/* the seeds used in the HMAC-SHA-256 functions for each part of the ratchet.
*/
#define HASH_KEY_SEED_LENGTH 1
static uint8_t HASH_KEY_SEEDS[MEGOLM_RATCHET_PARTS][HASH_KEY_SEED_LENGTH] = {
{0x00},
{0x01},
{0x02},
{0x03}
};
static void rehash_part(
uint8_t data[MEGOLM_RATCHET_PARTS][MEGOLM_RATCHET_PART_LENGTH],
int rehash_from_part, int rehash_to_part
) {
_olm_crypto_hmac_sha256(
data[rehash_from_part],
MEGOLM_RATCHET_PART_LENGTH,
HASH_KEY_SEEDS[rehash_to_part], HASH_KEY_SEED_LENGTH,
data[rehash_to_part]
);
}
void megolm_init(Megolm *megolm, uint8_t const *random_data, uint32_t counter) {
megolm->counter = counter;
memcpy(megolm->data, random_data, MEGOLM_RATCHET_LENGTH);
}
size_t megolm_pickle_length(const Megolm *megolm) {
size_t length = 0;
length += _olm_pickle_bytes_length(megolm_get_data(megolm), MEGOLM_RATCHET_LENGTH);
length += _olm_pickle_uint32_length(megolm->counter);
return length;
}
uint8_t * megolm_pickle(const Megolm *megolm, uint8_t *pos) {
pos = _olm_pickle_bytes(pos, megolm_get_data(megolm), MEGOLM_RATCHET_LENGTH);
pos = _olm_pickle_uint32(pos, megolm->counter);
return pos;
}
const uint8_t * megolm_unpickle(Megolm *megolm, const uint8_t *pos,
const uint8_t *end) {
pos = _olm_unpickle_bytes(pos, end, (uint8_t *)(megolm->data),
MEGOLM_RATCHET_LENGTH);
pos = _olm_unpickle_uint32(pos, end, &megolm->counter);
return pos;
}
/* simplistic implementation for a single step */
void megolm_advance(Megolm *megolm) {
uint32_t mask = 0x00FFFFFF;
int h = 0;
int i;
megolm->counter++;
/* figure out how much we need to rekey */
while (h < (int)MEGOLM_RATCHET_PARTS) {
if (!(megolm->counter & mask))
break;
h++;
mask >>= 8;
}
/* now update R(h)...R(3) based on R(h) */
for (i = MEGOLM_RATCHET_PARTS-1; i >= h; i--) {
rehash_part(megolm->data, h, i);
}
}
void megolm_advance_to(Megolm *megolm, uint32_t advance_to) {
int j;
/* starting with R0, see if we need to update each part of the hash */
for (j = 0; j < (int)MEGOLM_RATCHET_PARTS; j++) {
int shift = (MEGOLM_RATCHET_PARTS-j-1) * 8;
uint32_t mask = (~(uint32_t)0) << shift;
int k;
/* how many times do we need to rehash this part?
*
* '& 0xff' ensures we handle integer wraparound correctly
*/
unsigned int steps =
((advance_to >> shift) - (megolm->counter >> shift)) & 0xff;
if (steps == 0) {
/* deal with the edge case where megolm->counter is slightly larger
* than advance_to. This should only happen for R(0), and implies
* that advance_to has wrapped around and we need to advance R(0)
* 256 times.
*/
if (advance_to < megolm->counter) {
steps = 0x100;
} else {
continue;
}
}
/* for all but the last step, we can just bump R(j) without regard
* to R(j+1)...R(3).
*/
while (steps > 1) {
rehash_part(megolm->data, j, j);
steps --;
}
/* on the last step we also need to bump R(j+1)...R(3).
*
* (Theoretically, we could skip bumping R(j+2) if we're going to bump
* R(j+1) again, but the code to figure that out is a bit baroque and
* doesn't save us much).
*/
for (k = 3; k >= j; k--) {
rehash_part(megolm->data, j, k);
}
megolm->counter = advance_to & mask;
}
}

View file

@ -1,4 +1,4 @@
/* Copyright 2015 OpenMarket Ltd
/* Copyright 2015-2016 OpenMarket Ltd
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -325,3 +325,86 @@ void olm::decode_one_time_key_message(
unknown = pos;
}
}
static const std::uint8_t GROUP_SESSION_ID_TAG = 012;
static const std::uint8_t GROUP_MESSAGE_INDEX_TAG = 020;
static const std::uint8_t GROUP_CIPHERTEXT_TAG = 032;
size_t _olm_encode_group_message_length(
size_t group_session_id_length,
uint32_t message_index,
size_t ciphertext_length,
size_t mac_length
) {
size_t length = VERSION_LENGTH;
length += 1 + varstring_length(group_session_id_length);
length += 1 + varint_length(message_index);
length += 1 + varstring_length(ciphertext_length);
length += mac_length;
return length;
}
size_t _olm_encode_group_message(
uint8_t version,
const uint8_t *session_id,
size_t session_id_length,
uint32_t message_index,
size_t ciphertext_length,
uint8_t *output,
uint8_t **ciphertext_ptr
) {
std::uint8_t * pos = output;
std::uint8_t * session_id_pos;
*(pos++) = version;
pos = encode(pos, GROUP_SESSION_ID_TAG, session_id_pos, session_id_length);
std::memcpy(session_id_pos, session_id, session_id_length);
pos = encode(pos, GROUP_MESSAGE_INDEX_TAG, message_index);
pos = encode(pos, GROUP_CIPHERTEXT_TAG, *ciphertext_ptr, ciphertext_length);
return pos-output;
}
void _olm_decode_group_message(
const uint8_t *input, size_t input_length,
size_t mac_length,
struct _OlmDecodeGroupMessageResults *results
) {
std::uint8_t const * pos = input;
std::uint8_t const * end = input + input_length - mac_length;
std::uint8_t const * unknown = nullptr;
results->session_id = nullptr;
results->session_id_length = 0;
bool has_message_index = false;
results->message_index = 0;
results->ciphertext = nullptr;
results->ciphertext_length = 0;
if (pos == end) return;
if (input_length < mac_length) return;
results->version = *(pos++);
while (pos != end) {
pos = decode(
pos, end, GROUP_SESSION_ID_TAG,
results->session_id, results->session_id_length
);
pos = decode(
pos, end, GROUP_MESSAGE_INDEX_TAG,
results->message_index, has_message_index
);
pos = decode(
pos, end, GROUP_CIPHERTEXT_TAG,
results->ciphertext, results->ciphertext_length
);
if (unknown == pos) {
pos = skip_unknown(pos, end);
}
unknown = pos;
}
results->has_message_index = (int)has_message_index;
}

View file

@ -16,6 +16,7 @@
#include "olm/session.hh"
#include "olm/account.hh"
#include "olm/cipher.h"
#include "olm/pickle_encoding.h"
#include "olm/utility.hh"
#include "olm/base64.hh"
#include "olm/memory.hh"
@ -57,78 +58,6 @@ static std::uint8_t const * from_c(void const * bytes) {
return reinterpret_cast<std::uint8_t const *>(bytes);
}
static const struct _olm_cipher_aes_sha_256 PICKLE_CIPHER =
OLM_CIPHER_INIT_AES_SHA_256("Pickle");
std::size_t enc_output_length(
size_t raw_length
) {
auto *cipher = OLM_CIPHER_BASE(&PICKLE_CIPHER);
std::size_t length = cipher->ops->encrypt_ciphertext_length(cipher, raw_length);
length += cipher->ops->mac_length(cipher);
return olm::encode_base64_length(length);
}
std::uint8_t * enc_output_pos(
std::uint8_t * output,
size_t raw_length
) {
auto *cipher = OLM_CIPHER_BASE(&PICKLE_CIPHER);
std::size_t length = cipher->ops->encrypt_ciphertext_length(cipher, raw_length);
length += cipher->ops->mac_length(cipher);
return output + olm::encode_base64_length(length) - length;
}
std::size_t enc_output(
std::uint8_t const * key, std::size_t key_length,
std::uint8_t * output, size_t raw_length
) {
auto *cipher = OLM_CIPHER_BASE(&PICKLE_CIPHER);
std::size_t ciphertext_length = cipher->ops->encrypt_ciphertext_length(
cipher, raw_length
);
std::size_t length = ciphertext_length + cipher->ops->mac_length(cipher);
std::size_t base64_length = olm::encode_base64_length(length);
std::uint8_t * raw_output = output + base64_length - length;
cipher->ops->encrypt(
cipher,
key, key_length,
raw_output, raw_length,
raw_output, ciphertext_length,
raw_output, length
);
olm::encode_base64(raw_output, length, output);
return raw_length;
}
std::size_t enc_input(
std::uint8_t const * key, std::size_t key_length,
std::uint8_t * input, size_t b64_length,
OlmErrorCode & last_error
) {
std::size_t enc_length = olm::decode_base64_length(b64_length);
if (enc_length == std::size_t(-1)) {
last_error = OlmErrorCode::OLM_INVALID_BASE64;
return std::size_t(-1);
}
olm::decode_base64(input, b64_length, input);
auto *cipher = OLM_CIPHER_BASE(&PICKLE_CIPHER);
std::size_t raw_length = enc_length - cipher->ops->mac_length(cipher);
std::size_t result = cipher->ops->decrypt(
cipher,
key, key_length,
input, enc_length,
input, raw_length,
input, raw_length
);
if (result == std::size_t(-1)) {
last_error = OlmErrorCode::OLM_BAD_ACCOUNT_KEY;
}
return result;
}
std::size_t b64_output_length(
size_t raw_length
) {
@ -164,20 +93,6 @@ std::size_t b64_input(
return raw_length;
}
static const char * ERRORS[11] {
"SUCCESS",
"NOT_ENOUGH_RANDOM",
"OUTPUT_BUFFER_TOO_SMALL",
"BAD_MESSAGE_VERSION",
"BAD_MESSAGE_FORMAT",
"BAD_MESSAGE_MAC",
"BAD_MESSAGE_KEY_ID",
"INVALID_BASE64",
"BAD_ACCOUNT_KEY",
"UNKNOWN_PICKLE_VERSION",
"CORRUPTED_PICKLE",
};
} // namespace
@ -192,35 +107,23 @@ size_t olm_error() {
const char * olm_account_last_error(
OlmAccount * account
) {
unsigned error = unsigned(from_c(account)->last_error);
if (error < (sizeof(ERRORS)/sizeof(ERRORS[0]))) {
return ERRORS[error];
} else {
return "UNKNOWN_ERROR";
}
auto error = from_c(account)->last_error;
return _olm_error_to_string(error);
}
const char * olm_session_last_error(
OlmSession * session
) {
unsigned error = unsigned(from_c(session)->last_error);
if (error < (sizeof(ERRORS)/sizeof(ERRORS[0]))) {
return ERRORS[error];
} else {
return "UNKNOWN_ERROR";
}
auto error = from_c(session)->last_error;
return _olm_error_to_string(error);
}
const char * olm_utility_last_error(
OlmUtility * utility
) {
unsigned error = unsigned(from_c(utility)->last_error);
if (error < (sizeof(ERRORS)/sizeof(ERRORS[0]))) {
return ERRORS[error];
} else {
return "UNKNOWN_ERROR";
}
auto error = from_c(utility)->last_error;
return _olm_error_to_string(error);
}
size_t olm_account_size() {
@ -296,14 +199,14 @@ size_t olm_clear_utility(
size_t olm_pickle_account_length(
OlmAccount * account
) {
return enc_output_length(pickle_length(*from_c(account)));
return _olm_enc_output_length(pickle_length(*from_c(account)));
}
size_t olm_pickle_session_length(
OlmSession * session
) {
return enc_output_length(pickle_length(*from_c(session)));
return _olm_enc_output_length(pickle_length(*from_c(session)));
}
@ -314,12 +217,12 @@ size_t olm_pickle_account(
) {
olm::Account & object = *from_c(account);
std::size_t raw_length = pickle_length(object);
if (pickled_length < enc_output_length(raw_length)) {
if (pickled_length < _olm_enc_output_length(raw_length)) {
object.last_error = OlmErrorCode::OLM_OUTPUT_BUFFER_TOO_SMALL;
return size_t(-1);
}
pickle(enc_output_pos(from_c(pickled), raw_length), object);
return enc_output(from_c(key), key_length, from_c(pickled), raw_length);
pickle(_olm_enc_output_pos(from_c(pickled), raw_length), object);
return _olm_enc_output(from_c(key), key_length, from_c(pickled), raw_length);
}
@ -330,12 +233,12 @@ size_t olm_pickle_session(
) {
olm::Session & object = *from_c(session);
std::size_t raw_length = pickle_length(object);
if (pickled_length < enc_output_length(raw_length)) {
if (pickled_length < _olm_enc_output_length(raw_length)) {
object.last_error = OlmErrorCode::OLM_OUTPUT_BUFFER_TOO_SMALL;
return size_t(-1);
}
pickle(enc_output_pos(from_c(pickled), raw_length), object);
return enc_output(from_c(key), key_length, from_c(pickled), raw_length);
pickle(_olm_enc_output_pos(from_c(pickled), raw_length), object);
return _olm_enc_output(from_c(key), key_length, from_c(pickled), raw_length);
}
@ -346,8 +249,8 @@ size_t olm_unpickle_account(
) {
olm::Account & object = *from_c(account);
std::uint8_t * const pos = from_c(pickled);
std::size_t raw_length = enc_input(
from_c(key), key_length, pos, pickled_length, object.last_error
std::size_t raw_length = _olm_enc_input(
from_c(key), key_length, pos, pickled_length, &object.last_error
);
if (raw_length == std::size_t(-1)) {
return std::size_t(-1);
@ -374,8 +277,8 @@ size_t olm_unpickle_session(
) {
olm::Session & object = *from_c(session);
std::uint8_t * const pos = from_c(pickled);
std::size_t raw_length = enc_input(
from_c(key), key_length, pos, pickled_length, object.last_error
std::size_t raw_length = _olm_enc_input(
from_c(key), key_length, pos, pickled_length, &object.last_error
);
if (raw_length == std::size_t(-1)) {
return std::size_t(-1);

View file

@ -0,0 +1,325 @@
/* Copyright 2016 OpenMarket Ltd
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "olm/outbound_group_session.h"
#include <string.h>
#include <sys/time.h>
#include "olm/base64.h"
#include "olm/cipher.h"
#include "olm/error.h"
#include "olm/megolm.h"
#include "olm/memory.h"
#include "olm/message.h"
#include "olm/pickle.h"
#include "olm/pickle_encoding.h"
#define OLM_PROTOCOL_VERSION 3
#define SESSION_ID_RANDOM_BYTES 4
#define GROUP_SESSION_ID_LENGTH (sizeof(struct timeval) + SESSION_ID_RANDOM_BYTES)
#define PICKLE_VERSION 1
struct OlmOutboundGroupSession {
/** the Megolm ratchet providing the encryption keys */
Megolm ratchet;
/** unique identifier for this session */
uint8_t session_id[GROUP_SESSION_ID_LENGTH];
enum OlmErrorCode last_error;
};
size_t olm_outbound_group_session_size() {
return sizeof(OlmOutboundGroupSession);
}
OlmOutboundGroupSession * olm_outbound_group_session(
void *memory
) {
OlmOutboundGroupSession *session = memory;
olm_clear_outbound_group_session(session);
return session;
}
const char *olm_outbound_group_session_last_error(
const OlmOutboundGroupSession *session
) {
return _olm_error_to_string(session->last_error);
}
size_t olm_clear_outbound_group_session(
OlmOutboundGroupSession *session
) {
_olm_unset(session, sizeof(OlmOutboundGroupSession));
return sizeof(OlmOutboundGroupSession);
}
static size_t raw_pickle_length(
const OlmOutboundGroupSession *session
) {
size_t length = 0;
length += _olm_pickle_uint32_length(PICKLE_VERSION);
length += megolm_pickle_length(&(session->ratchet));
length += _olm_pickle_bytes_length(session->session_id,
GROUP_SESSION_ID_LENGTH);
return length;
}
size_t olm_pickle_outbound_group_session_length(
const OlmOutboundGroupSession *session
) {
return _olm_enc_output_length(raw_pickle_length(session));
}
size_t olm_pickle_outbound_group_session(
OlmOutboundGroupSession *session,
void const * key, size_t key_length,
void * pickled, size_t pickled_length
) {
size_t raw_length = raw_pickle_length(session);
uint8_t *pos;
if (pickled_length < _olm_enc_output_length(raw_length)) {
session->last_error = OLM_OUTPUT_BUFFER_TOO_SMALL;
return (size_t)-1;
}
pos = _olm_enc_output_pos(pickled, raw_length);
pos = _olm_pickle_uint32(pos, PICKLE_VERSION);
pos = megolm_pickle(&(session->ratchet), pos);
pos = _olm_pickle_bytes(pos, session->session_id, GROUP_SESSION_ID_LENGTH);
return _olm_enc_output(key, key_length, pickled, raw_length);
}
size_t olm_unpickle_outbound_group_session(
OlmOutboundGroupSession *session,
void const * key, size_t key_length,
void * pickled, size_t pickled_length
) {
const uint8_t *pos;
const uint8_t *end;
uint32_t pickle_version;
size_t raw_length = _olm_enc_input(
key, key_length, pickled, pickled_length, &(session->last_error)
);
if (raw_length == (size_t)-1) {
return raw_length;
}
pos = pickled;
end = pos + raw_length;
pos = _olm_unpickle_uint32(pos, end, &pickle_version);
if (pickle_version != PICKLE_VERSION) {
session->last_error = OLM_UNKNOWN_PICKLE_VERSION;
return (size_t)-1;
}
pos = megolm_unpickle(&(session->ratchet), pos, end);
pos = _olm_unpickle_bytes(pos, end, session->session_id, GROUP_SESSION_ID_LENGTH);
if (end != pos) {
/* We had the wrong number of bytes in the input. */
session->last_error = OLM_CORRUPTED_PICKLE;
return (size_t)-1;
}
return pickled_length;
}
size_t olm_init_outbound_group_session_random_length(
const OlmOutboundGroupSession *session
) {
/* we need data to initialize the megolm ratchet, plus some more for the
* session id.
*/
return MEGOLM_RATCHET_LENGTH + SESSION_ID_RANDOM_BYTES;
}
size_t olm_init_outbound_group_session(
OlmOutboundGroupSession *session,
uint8_t const * random, size_t random_length
) {
if (random_length < olm_init_outbound_group_session_random_length(session)) {
/* Insufficient random data for new session */
session->last_error = OLM_NOT_ENOUGH_RANDOM;
return (size_t)-1;
}
megolm_init(&(session->ratchet), random, 0);
random += MEGOLM_RATCHET_LENGTH;
/* initialise the session id. This just has to be unique. We use the
* current time plus some random data.
*/
gettimeofday((struct timeval *)(session->session_id), NULL);
memcpy((session->session_id) + sizeof(struct timeval),
random, SESSION_ID_RANDOM_BYTES);
return 0;
}
static size_t raw_message_length(
OlmOutboundGroupSession *session,
size_t plaintext_length)
{
size_t ciphertext_length, mac_length;
ciphertext_length = megolm_cipher->ops->encrypt_ciphertext_length(
megolm_cipher, plaintext_length
);
mac_length = megolm_cipher->ops->mac_length(megolm_cipher);
return _olm_encode_group_message_length(
GROUP_SESSION_ID_LENGTH, session->ratchet.counter,
ciphertext_length, mac_length);
}
size_t olm_group_encrypt_message_length(
OlmOutboundGroupSession *session,
size_t plaintext_length
) {
size_t message_length = raw_message_length(session, plaintext_length);
return _olm_encode_base64_length(message_length);
}
/** write an un-base64-ed message to the buffer */
static size_t _encrypt(
OlmOutboundGroupSession *session, uint8_t const * plaintext, size_t plaintext_length,
uint8_t * buffer
) {
size_t ciphertext_length, mac_length, message_length;
size_t result;
uint8_t *ciphertext_ptr;
ciphertext_length = megolm_cipher->ops->encrypt_ciphertext_length(
megolm_cipher,
plaintext_length
);
mac_length = megolm_cipher->ops->mac_length(megolm_cipher);
/* first we build the message structure, then we encrypt
* the plaintext into it.
*/
message_length = _olm_encode_group_message(
OLM_PROTOCOL_VERSION,
session->session_id, GROUP_SESSION_ID_LENGTH,
session->ratchet.counter,
ciphertext_length,
buffer,
&ciphertext_ptr);
message_length += mac_length;
result = megolm_cipher->ops->encrypt(
megolm_cipher,
megolm_get_data(&(session->ratchet)), MEGOLM_RATCHET_LENGTH,
plaintext, plaintext_length,
ciphertext_ptr, ciphertext_length,
buffer, message_length
);
if (result == (size_t)-1) {
return result;
}
megolm_advance(&(session->ratchet));
return result;
}
size_t olm_group_encrypt(
OlmOutboundGroupSession *session,
uint8_t const * plaintext, size_t plaintext_length,
uint8_t * message, size_t max_message_length
) {
size_t rawmsglen;
size_t result;
uint8_t *message_pos;
rawmsglen = raw_message_length(session, plaintext_length);
if (max_message_length < _olm_encode_base64_length(rawmsglen)) {
session->last_error = OLM_OUTPUT_BUFFER_TOO_SMALL;
return (size_t)-1;
}
/* we construct the message at the end of the buffer, so that
* we have room to base64-encode it once we're done.
*/
message_pos = message + _olm_encode_base64_length(rawmsglen) - rawmsglen;
/* write the message, and encrypt it, at message_pos */
result = _encrypt(session, plaintext, plaintext_length, message_pos);
if (result == (size_t)-1) {
return result;
}
/* bas64-encode it */
return _olm_encode_base64(
message_pos, rawmsglen, message
);
}
size_t olm_outbound_group_session_id_length(
const OlmOutboundGroupSession *session
) {
return _olm_encode_base64_length(GROUP_SESSION_ID_LENGTH);
}
size_t olm_outbound_group_session_id(
OlmOutboundGroupSession *session,
uint8_t * id, size_t id_length
) {
if (id_length < olm_outbound_group_session_id_length(session)) {
session->last_error = OLM_OUTPUT_BUFFER_TOO_SMALL;
return (size_t)-1;
}
return _olm_encode_base64(session->session_id, GROUP_SESSION_ID_LENGTH, id);
}
uint32_t olm_outbound_group_session_message_index(
OlmOutboundGroupSession *session
) {
return session->ratchet.counter;
}
size_t olm_outbound_group_session_key_length(
const OlmOutboundGroupSession *session
) {
return _olm_encode_base64_length(MEGOLM_RATCHET_LENGTH);
}
size_t olm_outbound_group_session_key(
OlmOutboundGroupSession *session,
uint8_t * key, size_t key_length
) {
if (key_length < olm_outbound_group_session_key_length(session)) {
session->last_error = OLM_OUTPUT_BUFFER_TOO_SMALL;
return (size_t)-1;
}
return _olm_encode_base64(
megolm_get_data(&session->ratchet),
MEGOLM_RATCHET_LENGTH, key
);
}

92
src/pickle_encoding.c Normal file
View file

@ -0,0 +1,92 @@
/* Copyright 2016 OpenMarket Ltd
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "olm/pickle_encoding.h"
#include "olm/base64.h"
#include "olm/cipher.h"
#include "olm/olm.h"
static const struct _olm_cipher_aes_sha_256 PICKLE_CIPHER =
OLM_CIPHER_INIT_AES_SHA_256("Pickle");
size_t _olm_enc_output_length(
size_t raw_length
) {
const struct _olm_cipher *cipher = OLM_CIPHER_BASE(&PICKLE_CIPHER);
size_t length = cipher->ops->encrypt_ciphertext_length(cipher, raw_length);
length += cipher->ops->mac_length(cipher);
return _olm_encode_base64_length(length);
}
uint8_t * _olm_enc_output_pos(
uint8_t * output,
size_t raw_length
) {
const struct _olm_cipher *cipher = OLM_CIPHER_BASE(&PICKLE_CIPHER);
size_t length = cipher->ops->encrypt_ciphertext_length(cipher, raw_length);
length += cipher->ops->mac_length(cipher);
return output + _olm_encode_base64_length(length) - length;
}
size_t _olm_enc_output(
uint8_t const * key, size_t key_length,
uint8_t * output, size_t raw_length
) {
const struct _olm_cipher *cipher = OLM_CIPHER_BASE(&PICKLE_CIPHER);
size_t ciphertext_length = cipher->ops->encrypt_ciphertext_length(
cipher, raw_length
);
size_t length = ciphertext_length + cipher->ops->mac_length(cipher);
size_t base64_length = _olm_encode_base64_length(length);
uint8_t * raw_output = output + base64_length - length;
cipher->ops->encrypt(
cipher,
key, key_length,
raw_output, raw_length,
raw_output, ciphertext_length,
raw_output, length
);
_olm_encode_base64(raw_output, length, output);
return raw_length;
}
size_t _olm_enc_input(uint8_t const * key, size_t key_length,
uint8_t * input, size_t b64_length,
enum OlmErrorCode * last_error
) {
size_t enc_length = _olm_decode_base64_length(b64_length);
if (enc_length == (size_t)-1) {
if (last_error) {
*last_error = OLM_INVALID_BASE64;
}
return (size_t)-1;
}
_olm_decode_base64(input, b64_length, input);
const struct _olm_cipher *cipher = OLM_CIPHER_BASE(&PICKLE_CIPHER);
size_t raw_length = enc_length - cipher->ops->mac_length(cipher);
size_t result = cipher->ops->decrypt(
cipher,
key, key_length,
input, enc_length,
input, raw_length,
input, raw_length
);
if (result == (size_t)-1 && last_error) {
*last_error = OLM_BAD_ACCOUNT_KEY;
}
return result;
}

View file

@ -0,0 +1,151 @@
/* Copyright 2016 OpenMarket Ltd
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "olm/inbound_group_session.h"
#include "olm/outbound_group_session.h"
#include "unittest.hh"
int main() {
{
TestCase test_case("Pickle outbound group session");
size_t size = olm_outbound_group_session_size();
uint8_t memory[size];
OlmOutboundGroupSession *session = olm_outbound_group_session(memory);
size_t pickle_length = olm_pickle_outbound_group_session_length(session);
uint8_t pickle1[pickle_length];
olm_pickle_outbound_group_session(session,
"secret_key", 10,
pickle1, pickle_length);
uint8_t pickle2[pickle_length];
memcpy(pickle2, pickle1, pickle_length);
uint8_t buffer2[size];
OlmOutboundGroupSession *session2 = olm_outbound_group_session(buffer2);
size_t res = olm_unpickle_outbound_group_session(session2,
"secret_key", 10,
pickle2, pickle_length);
assert_not_equals((size_t)-1, res);
assert_equals(pickle_length,
olm_pickle_outbound_group_session_length(session2));
olm_pickle_outbound_group_session(session2,
"secret_key", 10,
pickle2, pickle_length);
assert_equals(pickle1, pickle2, pickle_length);
}
{
TestCase test_case("Pickle inbound group session");
size_t size = olm_inbound_group_session_size();
uint8_t memory[size];
OlmInboundGroupSession *session = olm_inbound_group_session(memory);
size_t pickle_length = olm_pickle_inbound_group_session_length(session);
uint8_t pickle1[pickle_length];
olm_pickle_inbound_group_session(session,
"secret_key", 10,
pickle1, pickle_length);
uint8_t pickle2[pickle_length];
memcpy(pickle2, pickle1, pickle_length);
uint8_t buffer2[size];
OlmInboundGroupSession *session2 = olm_inbound_group_session(buffer2);
size_t res = olm_unpickle_inbound_group_session(session2,
"secret_key", 10,
pickle2, pickle_length);
assert_not_equals((size_t)-1, res);
assert_equals(pickle_length,
olm_pickle_inbound_group_session_length(session2));
olm_pickle_inbound_group_session(session2,
"secret_key", 10,
pickle2, pickle_length);
assert_equals(pickle1, pickle2, pickle_length);
}
{
TestCase test_case("Group message send/receive");
uint8_t random_bytes[] =
"0123456789ABDEF0123456789ABCDEF"
"0123456789ABDEF0123456789ABCDEF"
"0123456789ABDEF0123456789ABCDEF"
"0123456789ABDEF0123456789ABCDEF"
"0123456789ABDEF0123456789ABCDEF";
/* build the outbound session */
size_t size = olm_outbound_group_session_size();
uint8_t memory[size];
OlmOutboundGroupSession *session = olm_outbound_group_session(memory);
assert_equals((size_t)132,
olm_init_outbound_group_session_random_length(session));
size_t res = olm_init_outbound_group_session(
session, random_bytes, sizeof(random_bytes));
assert_equals((size_t)0, res);
assert_equals(0U, olm_outbound_group_session_message_index(session));
size_t session_key_len = olm_outbound_group_session_key_length(session);
uint8_t session_key[session_key_len];
olm_outbound_group_session_key(session, session_key, session_key_len);
/* encode the message */
uint8_t plaintext[] = "Message";
size_t plaintext_length = sizeof(plaintext) - 1;
size_t msglen = olm_group_encrypt_message_length(
session, plaintext_length);
uint8_t msg[msglen];
res = olm_group_encrypt(session, plaintext, plaintext_length,
msg, msglen);
assert_equals(msglen, res);
assert_equals(1U, olm_outbound_group_session_message_index(session));
/* build the inbound session */
size = olm_inbound_group_session_size();
uint8_t inbound_session_memory[size];
OlmInboundGroupSession *inbound_session =
olm_inbound_group_session(inbound_session_memory);
res = olm_init_inbound_group_session(
inbound_session, 0U, session_key, session_key_len);
assert_equals((size_t)0, res);
/* decode the message */
/* olm_group_decrypt_max_plaintext_length destroys the input so we have to
copy it. */
uint8_t msgcopy[msglen];
memcpy(msgcopy, msg, msglen);
size = olm_group_decrypt_max_plaintext_length(inbound_session, msgcopy, msglen);
uint8_t plaintext_buf[size];
res = olm_group_decrypt(inbound_session, msg, msglen,
plaintext_buf, size);
assert_equals(plaintext_length, res);
assert_equals(plaintext, plaintext_buf, res);
}
}

134
tests/test_megolm.cpp Normal file
View file

@ -0,0 +1,134 @@
/* Copyright 2016 OpenMarket Ltd
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "olm/megolm.h"
#include "olm/memory.hh"
#include "unittest.hh"
int main() {
std::uint8_t random_bytes[] =
"0123456789ABCDEF0123456789ABCDEF"
"0123456789ABCDEF0123456789ABCDEF"
"0123456789ABCDEF0123456789ABCDEF"
"0123456789ABCDEF0123456789ABCDEF";
{
TestCase test_case("Megolm::advance");
Megolm mr;
megolm_init(&mr, random_bytes, 0);
// single-step advance
megolm_advance(&mr);
const std::uint8_t expected1[] = {
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46,
0xba, 0x9c, 0xd9, 0x55, 0x74, 0x1d, 0x1c, 0x16, 0x23, 0x23, 0xec, 0x82, 0x5e, 0x7c, 0x5c, 0xe8,
0x89, 0xbb, 0xb4, 0x23, 0xa1, 0x8f, 0x23, 0x82, 0x8f, 0xb2, 0x09, 0x0d, 0x6e, 0x2a, 0xf8, 0x6a
};
assert_equals(1U, mr.counter);
assert_equals(expected1, megolm_get_data(&mr), MEGOLM_RATCHET_LENGTH);
// repeat with complex advance
megolm_init(&mr, random_bytes, 0);
megolm_advance_to(&mr, 1);
assert_equals(1U, mr.counter);
assert_equals(expected1, megolm_get_data(&mr), MEGOLM_RATCHET_LENGTH);
megolm_advance_to(&mr, 0x1000000);
const std::uint8_t expected2[] = {
0x54, 0x02, 0x2d, 0x7d, 0xc0, 0x29, 0x8e, 0x16, 0x37, 0xe2, 0x1c, 0x97, 0x15, 0x30, 0x92, 0xf9,
0x33, 0xc0, 0x56, 0xff, 0x74, 0xfe, 0x1b, 0x92, 0x2d, 0x97, 0x1f, 0x24, 0x82, 0xc2, 0x85, 0x9c,
0x70, 0x04, 0xc0, 0x1e, 0xe4, 0x9b, 0xd6, 0xef, 0xe0, 0x07, 0x35, 0x25, 0xaf, 0x9b, 0x16, 0x32,
0xc5, 0xbe, 0x72, 0x6d, 0x12, 0x34, 0x9c, 0xc5, 0xbd, 0x47, 0x2b, 0xdc, 0x2d, 0xf6, 0x54, 0x0f,
0x31, 0x12, 0x59, 0x11, 0x94, 0xfd, 0xa6, 0x17, 0xe5, 0x68, 0xc6, 0x83, 0x10, 0x1e, 0xae, 0xcd,
0x7e, 0xdd, 0xd6, 0xde, 0x1f, 0xbc, 0x07, 0x67, 0xae, 0x34, 0xda, 0x1a, 0x09, 0xa5, 0x4e, 0xab,
0xba, 0x9c, 0xd9, 0x55, 0x74, 0x1d, 0x1c, 0x16, 0x23, 0x23, 0xec, 0x82, 0x5e, 0x7c, 0x5c, 0xe8,
0x89, 0xbb, 0xb4, 0x23, 0xa1, 0x8f, 0x23, 0x82, 0x8f, 0xb2, 0x09, 0x0d, 0x6e, 0x2a, 0xf8, 0x6a,
};
assert_equals(0x1000000U, mr.counter);
assert_equals(expected2, megolm_get_data(&mr), MEGOLM_RATCHET_LENGTH);
megolm_advance_to(&mr, 0x1041506);
const std::uint8_t expected3[] = {
0x54, 0x02, 0x2d, 0x7d, 0xc0, 0x29, 0x8e, 0x16, 0x37, 0xe2, 0x1c, 0x97, 0x15, 0x30, 0x92, 0xf9,
0x33, 0xc0, 0x56, 0xff, 0x74, 0xfe, 0x1b, 0x92, 0x2d, 0x97, 0x1f, 0x24, 0x82, 0xc2, 0x85, 0x9c,
0x55, 0x58, 0x8d, 0xf5, 0xb7, 0xa4, 0x88, 0x78, 0x42, 0x89, 0x27, 0x86, 0x81, 0x64, 0x58, 0x9f,
0x36, 0x63, 0x44, 0x7b, 0x51, 0xed, 0xc3, 0x59, 0x5b, 0x03, 0x6c, 0xa6, 0x04, 0xc4, 0x6d, 0xcd,
0x5c, 0x54, 0x85, 0x0b, 0xfa, 0x98, 0xa1, 0xfd, 0x79, 0xa9, 0xdf, 0x1c, 0xbe, 0x8f, 0xc5, 0x68,
0x19, 0x37, 0xd3, 0x0c, 0x85, 0xc8, 0xc3, 0x1f, 0x7b, 0xb8, 0x28, 0x81, 0x6c, 0xf9, 0xff, 0x3b,
0x95, 0x6c, 0xbf, 0x80, 0x7e, 0x65, 0x12, 0x6a, 0x49, 0x55, 0x8d, 0x45, 0xc8, 0x4a, 0x2e, 0x4c,
0xd5, 0x6f, 0x03, 0xe2, 0x44, 0x16, 0xb9, 0x8e, 0x1c, 0xfd, 0x97, 0xc2, 0x06, 0xaa, 0x90, 0x7a
};
assert_equals(0x1041506U, mr.counter);
assert_equals(expected3, megolm_get_data(&mr), MEGOLM_RATCHET_LENGTH);
}
{
TestCase test_case("Megolm::advance wraparound");
Megolm mr1, mr2;
megolm_init(&mr1, random_bytes, 0xffffffffUL);
megolm_advance_to(&mr1, 0x1000000);
assert_equals(0x1000000U, mr1.counter);
megolm_init(&mr2, random_bytes, 0);
megolm_advance_to(&mr2, 0x2000000);
assert_equals(0x2000000U, mr2.counter);
assert_equals(megolm_get_data(&mr2), megolm_get_data(&mr1), MEGOLM_RATCHET_LENGTH);
}
{
TestCase test_case("Megolm::advance overflow by one");
Megolm mr1, mr2;
megolm_init(&mr1, random_bytes, 0xffffffffUL);
megolm_advance_to(&mr1, 0x0);
assert_equals(0x0U, mr1.counter);
megolm_init(&mr2, random_bytes, 0xffffffffUL);
megolm_advance(&mr2);
assert_equals(0x0U, mr2.counter);
assert_equals(megolm_get_data(&mr2), megolm_get_data(&mr1), MEGOLM_RATCHET_LENGTH);
}
{
TestCase test_case("Megolm::advance overflow");
Megolm mr1, mr2;
megolm_init(&mr1, random_bytes, 0x1UL);
megolm_advance_to(&mr1, 0x80000000UL);
megolm_advance_to(&mr1, 0x0);
assert_equals(0x0U, mr1.counter);
megolm_init(&mr2, random_bytes, 0x1UL);
megolm_advance_to(&mr2, 0x0UL);
assert_equals(0x0U, mr2.counter);
assert_equals(megolm_get_data(&mr2), megolm_get_data(&mr1), MEGOLM_RATCHET_LENGTH);
}
}

View file

@ -1,4 +1,4 @@
/* Copyright 2015 OpenMarket Ltd
/* Copyright 2015-2016 OpenMarket Ltd
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -62,4 +62,61 @@ assert_equals(message2, output, 35);
} /* Message encode test */
{ /* group message encode test */
TestCase test_case("Group message encode test");
const uint8_t session_id[] = "sessionid";
size_t session_id_len = 9;
size_t length = _olm_encode_group_message_length(
session_id_len, 200, 10, 8);
size_t expected_length = 1 + (2+session_id_len) + (1+2) + (2+10) + 8;
assert_equals(expected_length, length);
uint8_t output[50];
uint8_t *ciphertext_ptr;
_olm_encode_group_message(
3,
session_id, session_id_len,
200, // counter
10, // ciphertext length
output,
&ciphertext_ptr
);
uint8_t expected[] =
"\x03"
"\x0A\x09sessionid"
"\x10\xC8\x01"
"\x1A\x0A";
assert_equals(expected, output, sizeof(expected)-1);
assert_equals(output+sizeof(expected)-1, ciphertext_ptr);
} /* group message encode test */
{
TestCase test_case("Group message decode test");
struct _OlmDecodeGroupMessageResults results;
std::uint8_t message[] =
"\x03"
"\x0A\x09sessionid"
"\x10\xC8\x01"
"\x1A\x0A" "ciphertext"
"hmacsha2";
const uint8_t expected_session_id[] = "sessionid";
_olm_decode_group_message(message, sizeof(message)-1, 8, &results);
assert_equals(std::uint8_t(3), results.version);
assert_equals(std::size_t(9), results.session_id_length);
assert_equals(expected_session_id, results.session_id, 9);
assert_equals(1, results.has_message_index);
assert_equals(std::uint32_t(200), results.message_index);
assert_equals(std::size_t(10), results.ciphertext_length);
assert_equals(ciphertext, results.ciphertext, 10);
} /* group message decode test */
}